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AMENDMENTS TO THE CLAIMS 



CLAIMS (clean copy) 

5 

1 . (currently amended) A distributed subscriber management method for controlling user 
authentication at an access control node located between a plurality of user networks and an 
access network, the access network being connected to an external netwoik having an access 
rights authentication server, the method comprising the steps ofi 
2 0 (a) receiving, at the access control node, which is operatively 

connected to the pluraUty of user networks, a data unit fiom a user located on one of the 
plurality of vser networics; 

(b) determining whether the data unit requires autihentication; 

(c) if the data unit requires authentication, detennming whether 
1 5 auflientication data is locally stored on the access control node, 

(S) if the authoitication data is locaUy stored on the access control 
node, authenticating the data unit, thus preventing unnecessary trafiBc interchange between the 
access netwoik and the pluraUty of user networics; 

(e) if the authaitication data is not locally stored on the access 
2 0 control node, determining whether the data unit is eligible for transmission to the external 
network; and 

(0 if flie data unit is eligible for transmission, transmitting said data 
unit fiom the access control node to the authentication server of the external network. 

25 2. (currentfy amended) The distributed subscriber management method as claimed in claim 
1, wherein the step (d) includes interrogating the user for access information. 

3. (currently amended) The distributed subscriber management method as claimed in claim 
1, wherein the step (f) comprises a step of receiving, at the access control node, an 
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authentication message for said data unit fiom the authentication server to pennit the user to 
access the external netwoik. 

4. (currently amended) The distributed subscriber management method as claimed in claim 
5 1, wherein the step (b) comprises a step of searching the authenticated data unit locally stored 

on the access control node. 

5. (currently amended) The distributed subscriber management method as claimed in claim 

2, further including encrypting the access information at the access control node prior to 
1 0 transmitting flie access information to the authentication server of the extanal netwoik. 

6. (currentiy amended) The distributed subscriber management method as claimed in claim 

3, wherein the step of receiving, at the access control node, the authentication message for said 
data unit comprises a step of storing authenticated data unit in a local authorization table on 

15 the access control node. 

7. (currently amended) The distributed subscriber management method as claimed in claim 
6, wherein the step (b) comprises searching the authenticated data units stored in the local 
authorization table on the access control node. 

20 

8. (currently amended) The distributed subscriber management method as claimed in claim 3, 
wherein the step (f) comprises a step of communicating with the authentication server 
employing one or more of standard authoitication protocols selected fiom the Ust consisting of 
remote authentication dial-in user service protocol, password authentication protocol, challenge 

2 5 handshake authentication protocol, and taminal access controller access control system 

protocol. 

9. (currently amended) The distributed subscriber management method as claimed in claun 1, 
wherein the step (d) comprises employing one or more of standard authentication protocols 

3 0 selected fi^om the list consisting of remote authentication dial-in user service protocol, 
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password authentication protocol, chaUenge handshake authentication protocol, and terminal 
access controller access control system protocol at the access control node. 

10. (currently amended) The distributed subscriber management method as claimed in claim 
5 3, wherein the step (f) further includes packet-labeling of the data unit. 

1 1 . (currently amended) The distributed subscriber management method as claimed in claim 
6, wherein the step of receiving the authentication message further includes determinmg the 
contents of the authentication message at the access control node. 

10 

12. (currently amended) The distributed subscriber management method as claimed in claim 
1, wherein the step (e) comprises examining the content of the authenticated data unit at the 
access control node. 

15 13. (canceled) 

14. (original) The distributed subscriber management method as claimed in claim 

1, forther including collecting statistical usage information at the access node. 

20 15. (currently amended) An integrated access device, for placement between a user network 

and an external network, the external networic having an access rights authaitication server, the 

integrated access device comprising: 

a user network interface for operatively connecting to a plurality of 

user networks to receive data units &om the plurality of user networks; 
25 an authentication agent, operatively connected to the user network 

interface for locally authenticating, authorizing and forwarding data units received from the 

plurality of user networks; 

an external network interface, operatively connected to the 
authentication agent, for forwarding data units locally authorized by the authentication agent to 
30 the external network; and 
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means for communicating with the access rights authentication server 

of the external network. 

1 6. (original) An integrated access device as claimed in claim 15, wherem the user 
5 network interface includes a plurality of ingress cards and the external network interface 

includes an egress card. 

1 7. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes a local authorization table for authorizing data units. 

10 

1 8. (original) An integrated access device as claimed in claim 1 5, wherein the 
authentication agent includes network address assignment and release means. 

15 

19. (currently amended) An integrated access device as claimed in claim 15, further including 
service level enforcing means, network resource management means, means for statistical 
usage collection, and alarm monitoring means. 

20 

20. (currently amended) An integrated access device as claimed in claim 17, wherein the 
means for communicating with the access rights authentication server comprises: 

means for determining whether the data imit is eligible for 
transmission from the access control node to the authentication server of the external networic; 
2 5 means for transmitting the data unit from the access control node to 

the authentication server of the external network; 

means for receiving, at the access control node, an authentication 
message for said data unit from the authentication server to permit the user to access the 
external network; and 
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means for storing authenticated data units in a local authorization 
table on the access control node. 



2 1 . (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
5 authentication agent includes a password authentication protocol 

22. (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
authentication agent includes a challenge handshake authentication protocol. 

10 23. (currently amended) An integrated access device as claimed in claim 1 5, whaein the 
authentication agent includes a tOTmnal access controllCT access control systan. 

24. (currently amended) An inte^ted access device as claimed in claim 1 5, wherein the 
authentication agent includes a ronote authentication dial-in user service protocol. 
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25. (new) An access control node, for placement between a plurality of user 

networks and an access network, the access network being connected to an external network 
having an access rights authentication server, the access control node comprises the integrated 
access device claimed in claim 1 5. 
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